CVE-2018-19215 — Out-of-bounds Read in Nasm

CWE-125 — Out-of-bounds Read7 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.2%

top 56.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nasm Debian Nasm Nasm Netwide Assembler +1 more

Timeline

PublishedNov 12

Latest updateMay 13

Description

Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDnasm/netwide_assembler12.14

▶debiandebian/nasm< nasm 2.14-1 (bookworm)

▶Debiannasm/nasm< 2.14-1+3

Also affects: Enterprise Linux 5.0, 6.0, 7.0

🔴Vulnerability Details

GHSA

GHSA-5cpq-4p23-chxh: Netwide Assembler (NASM) 2↗2022-05-13

▶

OSV

CVE-2018-19215: Netwide Assembler (NASM) 2↗2018-11-12

▶

📋Vendor Advisories

Red Hat

nasm: heap-based buffer over-read in do_directive in asm/preproc.c↗2018-10-29

▶

Debian

CVE-2018-19215: nasm - Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mm...↗2018

▶

💬Community

Bugzilla

CVE-2018-19215 nasm: heap-based buffer over-read in do_directive in asm/preproc.c↗2018-11-21

▶

Bugzilla

CVE-2018-19215 nasm: heap-based buffer over-read in do_directive in asm/preproc.c [fedora-all]↗2018-11-21

▶